[apple/network_cmds.git] / racoon.tproj / isakmp_agg.c
index 7d31b9f3e0034535287d1e286c86971600a44d0c..2f1ebc56b4dd85043f2696fceff0eb554ef520f4 100644 (file)
@@ -420,7 +420,11 @@ agg_i2recv(iph1, msg)
        natt_select_type(iph1);
        
        /* payload existency check */
-       /* XXX to be checked each authentication method. */
+       if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+               plog(LLV_ERROR, LOCATION, iph1->remote,
+                       "required payloads missing from isakmp message.\n");
+               goto end;
+       }
 
        /* verify identifier */
        if (ipsecdoi_checkid1(iph1) != 0) {
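Review bot: The new presence check at the top of the hunk covers only the KE and Nonce payloads, while the removed `XXX to be checked each authentication method` comment referred to the payloads that vary with the authentication method (HASH for pre-shared key, SIG and optionally CERT for signatures); unless the authentication step further down rejects a missing HASH/SIG itself, that part is still unaddressed, so either extend the check per `iph1->approval->authmethod` or keep a comment such as `/* XXX HASH/SIG/CERT presence still depends on the authentication method. */` above the new `if`. The identical check is duplicated in the agg_r1recv hunk at L60-L72; a small static helper taking `iph1` would keep the two in step. The body of agg_i2recv continues outside the hunk.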
@@ -453,18 +457,7 @@ agg_i2recv(iph1, msg)
             pa->type != ISAKMP_NPTYPE_NONE;
             pa++)
        {
-               if (pa->type == ISAKMP_NPTYPE_NATD_RFC ||
-                       pa->type == ISAKMP_NPTYPE_NATD_DRAFT ||
-                       pa->type == ISAKMP_NPTYPE_NATD_BADDRAFT)
-               {
-                       if (pa->type != iph1->natd_payload_type) {
-                               plog(LLV_ERROR, LOCATION, iph1->remote,
-                                       "ignore the packet, "
-                                       "received unexpected natd payload type %d.\n",
-                                       pa->type);
-                               goto end;
-                       }                       
-                       
+               if (pa->type == iph1->natd_payload_type) {
                        natd_match_t match = natd_matches(iph1, pa->ptr);
                        iph1->natt_flags |= natt_natd_received;
                        if ((match & natd_match_local) != 0)
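Review bot: A NAT-D payload whose type differs from `iph1->natd_payload_type` is now skipped without any trace, where the removed lines rejected the message; relaxing this is defensible, but dropping the diagnostic entirely makes a peer that mixes draft and RFC NAT-D types invisible in the logs. Since this loop sees every payload, a plain `else` would be noisy, so suggest `else if (pa->type == ISAKMP_NPTYPE_NATD_RFC || pa->type == ISAKMP_NPTYPE_NATD_DRAFT || pa->type == ISAKMP_NPTYPE_NATD_BADDRAFT)` followed by `plog(LLV_DEBUG, LOCATION, iph1->remote, "ignoring natd payload type %d, expected %d.\n", pa->type, iph1->natd_payload_type);`. The agg_r2recv hunk at L117-L133 has the same silent skip, and there a bare `else` suffices because the `case` labels already filter on the three NAT-D types. Both enclosing functions continue outside their hunks.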
@@ -705,10 +698,17 @@ agg_i2send(iph1, msg)
 
 #ifdef IKE_NAT_T
        if (natd_type) {
-               if (iph1->local_natd)
-                       p = set_isakmp_payload(p, iph1->local_natd, natd_type);
-               if (iph1->remote_natd)
-                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, natd_type);
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               } else {
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, natd_type);
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+               }
        }
 #endif
 
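Review bot: The eleven-line NAT-D emission block introduced here is repeated verbatim in the two agg_r1send hunks at L73-L94 and L95-L116, differing only in whether the type comes from `natd_type` or `iph1->natd_payload_type`; a static helper taking the type as a parameter would keep the three copies from drifting apart. The ordering rule also deserves a comment, since nothing in the code says why Apple peers get the local hash first: `/* RFC 3947 sends the remote (destination) NAT-D hash first, then the local one; Apple's legacy implementation expects local first. */`. The helper below assumes `p` and `iph1` have the same types as at the call sites; the enclosing function agg_i2send begins outside the hunk.
```c
/* Append the NAT-D payloads in the order the peer's NAT-T flavour expects:
 * RFC 3947 sends the remote (destination) hash first, Apple's legacy
 * implementation sends the local hash first.  Returns the advanced cursor. */
static caddr_t
set_natd_payloads(caddr_t p, struct ph1handle *iph1, int natd_type)
{
	if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
		if (iph1->local_natd)
			p = set_isakmp_payload(p, iph1->local_natd, natd_type);
		if (iph1->remote_natd)
			p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
	} else {
		if (iph1->remote_natd)
			p = set_isakmp_payload(p, iph1->remote_natd, natd_type);
		if (iph1->local_natd)
			p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
	}
	return p;
}

/* … unchanged: earlier payload construction in agg_i2send … */
#ifdef IKE_NAT_T
	if (natd_type)
		p = set_natd_payloads(p, iph1, natd_type);
#endif
```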
@@ -847,7 +847,11 @@ agg_r1recv(iph1, msg)
        }
 
        /* payload existency check */
-       /* XXX to be checked each authentication method. */
+       if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+               plog(LLV_ERROR, LOCATION, iph1->remote,
+                       "required payloads missing from isakmp message.\n");
+               goto end;
+       }
 
        /* verify identifier */
        if (ipsecdoi_checkid1(iph1) != 0) {
@@ -1155,10 +1159,17 @@ agg_r1send(iph1, msg)
 #ifdef IKE_NAT_T
                if (nattvid) {
                        p = set_isakmp_payload(p, nattvid, iph1->natd_payload_type);
-                       if (iph1->local_natd)
-                               p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
-                       if (iph1->remote_natd)
-                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+                       if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                               if (iph1->local_natd)
+                                       p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
+                               if (iph1->remote_natd)
+                                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+                       } else {
+                               if (iph1->remote_natd)
+                                       p = set_isakmp_payload(p, iph1->remote_natd, iph1->natd_payload_type);
+                               if (iph1->local_natd)
+                                       p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+                       }
                }
 #endif
                break;
@@ -1242,10 +1253,17 @@ agg_r1send(iph1, msg)
 #ifdef IKE_NAT_T
        if (nattvid) {
                p = set_isakmp_payload(p, nattvid, iph1->natd_payload_type);
-               if (iph1->local_natd)
-                       p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
-               if (iph1->remote_natd)
-                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               } else {
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, iph1->natd_payload_type);
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+               }               
        }
 #endif
 
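Review bot: The closing brace of the new `else` block carries trailing whitespace (`}               `), which the matching blocks in the other two hunks do not; it should be trimmed to `}` so the three copies stay byte-identical and do not show up as noise in later diffs. The enclosing function agg_r1send continues outside the hunk.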
@@ -1359,15 +1377,7 @@ agg_r2recv(iph1, msg0)
                case ISAKMP_NPTYPE_NATD_DRAFT:
                case ISAKMP_NPTYPE_NATD_BADDRAFT:
 #ifdef IKE_NAT_T
-                       if (pa->type != iph1->natd_payload_type) {
-                               plog(LLV_ERROR, LOCATION, iph1->remote,
-                                       "ignore the packet, "
-                                       "received unexpected natd payload type %d.\n",
-                                       pa->type);
-                               goto end;
-                       }
-                               
-                       {
+                       if (pa->type == iph1->natd_payload_type) {
                                natd_match_t match = natd_matches(iph1, pa->ptr);
                                iph1->natt_flags |= natt_natd_received;
                                if ((match & natd_match_local) != 0)